[moin-devel] Moin 1.9 & 2: Link to fraudulent website in your help pages, action required

Sebastian Wagner swagner at intevation.de
Thu Aug 22 04:11:33 EDT 2024 

Dear Moin community,

Moin's default intermap.txt contains a InterWiki link for the usemodwiki.
Although usemod[.]com has been replacedby usemod[.]org by it's owners, a 
Vietnamese *online gambling* website now uses .org, the original domain, 
which is still part of the intermap.txt.

As the help page 'HelpOnProcessingInstructions' contains a link using 
the usemodintermaplink, *all Moin-instances*contain a link to that 
fraudulent website.

For Moin2, the current git HEAD contains a fix; for Moin 1.9, the fix 
has not yet been merged.
However, *updating your instance is insufficient*, as the intermap.txt 
is a setting per instance.

You can use the following command at your own risk (adapt if needed) to 
update the file:

sed -i -e 
's#usemod\.com/cgi-bin/mb\.pl?InterMapTxt#usemod.org/cgi-bin/mb.pl?InterMapTxt#' 
-e 's#www\.usemod\.com/cgi-bin/mb\.pl?#meatballwiki.org/wiki/#' -e 
's#usemod\.com/cgi-bin/wiki\.pl#usemod.org/cgi-bin/wiki.pl#' intermap.txt

And similar, the website httpX://parawiki[.]org/ promotes a Thai 
gambling service, so it can be removed as well:

sed -i '/parawiki.org/d' intermap.txt

A significant number of thelinks in the intermap.txt are outdated, these 
*currently*don't pose an equal fraud or security risk.
We recommend only keeping those entries in the intermap.txt that are 
actually needed in your wiki.

Best regards and keep safe
Sebastian

More details:
* Moin2 Issue: https://github.com/moinwiki/moin/issues/1729
* Moin2 Merge Request for usemod: 
https://github.com/moinwiki/moin/pull/1731 (merged, unreleased)
* Moin2 Merge Request for parawiki: 
https://github.com/moinwiki/moin/pull/1732 (unmerged, unreleased)
* Moin1.9 Issue: https://github.com/moinwiki/moin-1.9/issues/100
* Moin1.9 Merge Request for usemod: 
https://github.com/moinwiki/moin-1.9/pull/101 (unmerged, unreleased)
* Moin1.9 Merge Request for parawiki: 
https://github.com/moinwiki/moin-1.9/pull/102 (unmerged, unreleased)

-- 
Sebastian Wagner <sebastian.wagner at intevation.de>  |  https://intevation.de
Intevation GmbH, Osnabrueck, DE; Amtsgericht Osnabrueck, HRB 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter

More information about the moin-devel mailing list